From a27780ddb27a07b6da313d042170b4238f573416 Mon Sep 17 00:00:00 2001
From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com>
Date: Fri, 19 Jun 2026 01:41:00 +0000
Subject: [PATCH] chore(chart-deps): update trivy-operator to version 0.33.2
---
 apps.yaml | 2 +-
 chart/chart-index/Chart.yaml | 2 +-
 charts/trivy-operator/Chart.yaml | 4 ++--
 charts/trivy-operator/README.md | 6 +++---
 charts/trivy-operator/generated/role.yaml | 2 ++
 charts/trivy-operator/templates/specs/eks-cis-1.4.yaml | 2 +-
 charts/trivy-operator/templates/specs/k8s-cis-1.23.yaml | 2 +-
 charts/trivy-operator/templates/specs/k8s-nsa-1.0.yaml | 2 +-
 .../templates/specs/k8s-pss-baseline-0.1.yaml | 2 +-
 .../templates/specs/k8s-pss-restricted-0.1.yaml | 2 +-
 charts/trivy-operator/templates/specs/rke2-cis-1.24.yaml | 2 +-
 charts/trivy-operator/values.yaml | 4 ++--
 12 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/apps.yaml b/apps.yaml
index 4a46e31787..38380d5ad1 100644
--- a/apps.yaml
+++ b/apps.yaml
@@ -208,7 +208,7 @@ appsInfo:
 integration: App Platform uses Sealed Secrets to provide a secure way to store Kubernetes secrets in Git repositories. Sealed Secrets can be used to store secrets in the values repository.
 trivy:
 title: Trivy Operator
- appVersion: 0.30.1
+ appVersion: 0.31.2
 repo: https://github.com/aquasecurity/trivy-operator
 maintainers: Aqua Security
 relatedLinks:
diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml
index de21a457c0..8acdcb06a3 100644
--- a/chart/chart-index/Chart.yaml
+++ b/chart/chart-index/Chart.yaml
@@ -112,5 +112,5 @@ dependencies:
 version: 1.12.0
 repository: https://cdfoundation.github.io/tekton-helm-chart/
 - name: trivy-operator
- version: 0.32.1
+ version: 0.33.2
 repository: https://aquasecurity.github.io/helm-charts/
diff --git a/charts/trivy-operator/Chart.yaml b/charts/trivy-operator/Chart.yaml
index 7ac48680db..44ea9bcc3c 100644
--- a/charts/trivy-operator/Chart.yaml
+++ b/charts/trivy-operator/Chart.yaml
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.30.1 +appVersion: 0.31.2 description: Keeps security report resources updated keywords: - aquasecurity @@ -9,4 +9,4 @@ name: trivy-operator sources: - https://github.com/aquasecurity/trivy-operator type: application -version: 0.32.1 +version: 0.33.2 diff --git a/charts/trivy-operator/README.md b/charts/trivy-operator/README.md index 34d0aadc76..da80660984 100644 --- a/charts/trivy-operator/README.md +++ b/charts/trivy-operator/README.md @@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.32.1](https://img.shields.io/badge/Version-0.32.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.30.1](https://img.shields.io/badge/AppVersion-0.30.1-informational?style=flat-square) +![Version: 0.33.2](https://img.shields.io/badge/Version-0.33.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.31.2](https://img.shields.io/badge/AppVersion-0.31.2-informational?style=flat-square) Keeps security report resources updated 
@@ -153,7 +153,7 @@ Keeps security report resources updated
 | trivy.image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the imge pull policy used for trivy image , valid values are (Always, Never, IfNotPresent) |
 | trivy.image.registry | string | `"mirror.gcr.io"` | registry of the Trivy image |
 | trivy.image.repository | string | `"aquasec/trivy"` | repository of the Trivy image |
-| trivy.image.tag | string | `"0.69.3"` | tag version of the Trivy image |
+| trivy.image.tag | string | `"0.71.1"` | tag version of the Trivy image |
 | trivy.imageScanCacheDir | string | `"/tmp/trivy/.cache"` | imageScanCacheDir the flag to set custom path for trivy image scan `cache-dir` parameter. Only applicable in image scan mode. |
 | trivy.includeDevDeps | bool | `false` | includeDevDeps include development dependencies in the report (supported: npm, yarn) (default: false) note: this flag is only applicable when trivy.command is set to filesystem |
 | trivy.insecureRegistries | object | `{}` | The registry to which insecure connections are allowed. There can be multiple registries with different keys. |
@@ -190,7 +190,7 @@ Keeps security report resources updated
 | trivy.storageClassEnabled | bool | `true` | whether to use a storage class for trivy server or emptydir (one mey want to use ephemeral storage) |
 | trivy.storageClassName | string | `""` | storageClassName is the name of the storage class to be used for trivy server PVC. If empty, tries to find default storage class |
 | trivy.storageSize | string | `"5Gi"` | storageSize is the size of the trivy server PVC |
-| trivy.supportedConfigAuditKinds | string | `"Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"` | The Flag is the list of supported kinds separated by comma delimiter to be scanned by the config audit scanner |
+| trivy.supportedConfigAuditKinds | string | `"Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota,PersistentVolume,PersistentVolumeClaim"` | The Flag is the list of supported kinds separated by comma delimiter to be scanned by the config audit scanner |
 | trivy.timeout | string | `"5m0s"` | timeout is the duration to wait for scan completion. |
 | trivy.useBuiltinRegoPolicies | string | `"false"` | The Flag to enable the usage of builtin rego policies by default, these policies are downloaded by default from mirror.gcr.io/aquasec/trivy-checks |
 | trivy.useEmbeddedRegoPolicies | string | `"true"` | To enable the usage of embedded rego policies, set the flag useEmbeddedRegoPolicies. This should serve as a fallback for air-gapped environments. When useEmbeddedRegoPolicies is set to true, useBuiltinRegoPolicies should be set to false. |
diff --git a/charts/trivy-operator/generated/role.yaml b/charts/trivy-operator/generated/role.yaml
index 15b4677c8c..a53c992dd9 100644
--- a/charts/trivy-operator/generated/role.yaml
+++ b/charts/trivy-operator/generated/role.yaml
@@ -10,6 +10,8 @@ rules:
 - configmaps
 - limitranges
 - nodes
+ - persistentvolumeclaims
+ - persistentvolumes
 - pods
 - replicationcontrollers
 - resourcequotas
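Review bot: The two added resources in generated/role.yaml, `persistentvolumeclaims` and `persistentvolumes`, widen the operator's RBAC grant inside a commit titled as a routine chart bump, and the commit message does not mention it. The `apiGroups` and `verbs` of this rule lie outside the hunk, so confirm they are limited to read access (presumably `get`, `list`, `watch`) before merging. The grant appears to pair with the new `PersistentVolume,PersistentVolumeClaim` entries in `trivy.supportedConfigAuditKinds` in values.yaml, which also changes what the config audit scanner covers by default. As the file is generated, record this in the commit body rather than in the file, for example `rbac: operator role now includes persistentvolumes and persistentvolumeclaims`.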
diff --git a/charts/trivy-operator/templates/specs/eks-cis-1.4.yaml b/charts/trivy-operator/templates/specs/eks-cis-1.4.yaml
index 8d1971e986..98fd8a4655 100644
--- a/charts/trivy-operator/templates/specs/eks-cis-1.4.yaml
+++ b/charts/trivy-operator/templates/specs/eks-cis-1.4.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote }}
diff --git a/charts/trivy-operator/templates/specs/k8s-cis-1.23.yaml b/charts/trivy-operator/templates/specs/k8s-cis-1.23.yaml
index bc2e9633a0..12c7def3d9 100644
--- a/charts/trivy-operator/templates/specs/k8s-cis-1.23.yaml
+++ b/charts/trivy-operator/templates/specs/k8s-cis-1.23.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote }}
diff --git a/charts/trivy-operator/templates/specs/k8s-nsa-1.0.yaml b/charts/trivy-operator/templates/specs/k8s-nsa-1.0.yaml
index 67a45fce8f..45652699a3 100644
--- a/charts/trivy-operator/templates/specs/k8s-nsa-1.0.yaml
+++ b/charts/trivy-operator/templates/specs/k8s-nsa-1.0.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote}}
diff --git a/charts/trivy-operator/templates/specs/k8s-pss-baseline-0.1.yaml b/charts/trivy-operator/templates/specs/k8s-pss-baseline-0.1.yaml
index 7f3d646522..52132ab3e5 100644
--- a/charts/trivy-operator/templates/specs/k8s-pss-baseline-0.1.yaml
+++ b/charts/trivy-operator/templates/specs/k8s-pss-baseline-0.1.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote}}
diff --git a/charts/trivy-operator/templates/specs/k8s-pss-restricted-0.1.yaml b/charts/trivy-operator/templates/specs/k8s-pss-restricted-0.1.yaml
index 245d0c8fbe..99252b09f4 100644
--- a/charts/trivy-operator/templates/specs/k8s-pss-restricted-0.1.yaml
+++ b/charts/trivy-operator/templates/specs/k8s-pss-restricted-0.1.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote}}
diff --git a/charts/trivy-operator/templates/specs/rke2-cis-1.24.yaml b/charts/trivy-operator/templates/specs/rke2-cis-1.24.yaml
index b5a87034a3..0c7735e110 100644
--- a/charts/trivy-operator/templates/specs/rke2-cis-1.24.yaml
+++ b/charts/trivy-operator/templates/specs/rke2-cis-1.24.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app.kubernetes.io/name: trivy-operator
 app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.30.1
+ app.kubernetes.io/version: 0.31.2
 app.kubernetes.io/managed-by: kubectl
 spec:
 cron: {{ .Values.compliance.cron | quote}}
diff --git a/charts/trivy-operator/values.yaml b/charts/trivy-operator/values.yaml
index 850938d2da..673715f05e 100644
--- a/charts/trivy-operator/values.yaml
+++ b/charts/trivy-operator/values.yaml
@@ -360,7 +360,7 @@ trivy: # -- repository of the Trivy image repository: aquasec/trivy # -- tag version of the Trivy image - tag: 0.69.3 + tag: 0.71.1 # -- imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace imagePullSecret: ~ @@ -581,7 +581,7 @@ trivy: # -- The Flag is the list of supported kinds separated by comma delimiter to be scanned by the config audit scanner # - supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota" + supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota,PersistentVolume,PersistentVolumeClaim" # -- command. One of `image`, `filesystem` or `rootfs` scanning, depending on the target type required for the scan. # For 'filesystem' and `rootfs` scanning, ensure that the `trivyOperator.scanJobPodTemplateContainerSecurityContext` is configured